Amazon WorkSpaces now uses a smaller range of EC2 public IP addresses for its PCoIP gateway servers that will enable customers to set more finely grained firewall policies for devices accessing WorkSpaces. The Amazon WorkSpaces service uses the PCoIP gateway to stream the desktop session to its client applications over port 4172.

Please find below the public IP ranges for the WorkSpaces PCoIP gateway servers in each region.

Please note, that the Amazon WorkSpaces client applications also performs a network health check over port 4172 to validate if TCP/UDP traffic will traverse from the client application to the WorkSpaces production servers. To enable a successful network health check on the WorkSpaces client application, the firewall policies will have to take into account the regional network health check servers below.